I'm new to mikrotik and would ask for your help!!!
My ISP provides, through fiber, 1000mb down / 400mb up.
I have RB5009 router and I have 2 tp-link omada access points configured as stand-alone only with 5ghz ssid enable. I've done several tests with my laptop, mobile phone and tablet and the speed test is always around 880/920 down 350/380 up
Most of my clients complain that when browsing the internet it takes a long time to download pages etc...
I have set up fasttrack for TCP and UDP port 53 in the firewall, but I don't know if it helps.
Can you please help me find out whether a DNS problem is what keeps the clients from browsing faster?
Do I need to set up and host a DNS server myself?
# Layer-2 layout: one VLAN-filtering bridge; the bridge interface itself only
# admits tagged frames, so the router reaches the LANs through the bridge.110
# and bridge.192 VLAN interfaces defined below.
/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WRX560
set [ find default-name=ether2 ] poe-out=off
set [ find default-name=ether3 ] poe-out=off
set [ find default-name=ether4 ] poe-out=off
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=ether6 ] poe-out=off
# ether7 is never added to the bridge; it carries its own 172.21.1.0/24 subnet
# (see /ip address). That subnet is not in any input-chain accept rule.
set [ find default-name=ether7 ] comment="Management port" poe-out=off
# ether8 is the uplink; it is the interface the DHCP client and masquerade use.
set [ find default-name=ether8 ] name=ether8-WAN poe-out=off
set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1-switch
# WireGuard listener on UDP 31231 (opened to any source in the input chain).
# No /interface wireguard peers section appears in this export.
/interface wireguard
add listen-port=31231 mtu=1420 name=wireguard-casa
# VLAN 110 = 10.80.81.0/24, VLAN 192 = 192.168.27.0/24 (addresses set below).
/interface vlan
add interface=bridge name=bridge.110 vlan-id=110
add interface=bridge name=bridge.192 vlan-id=192
/ip pool
add name=pool.192 ranges=192.168.27.2-192.168.27.254
add name=pool.110 ranges=10.80.81.2-10.80.81.254
# One DHCP server per VLAN interface, 1-day leases.
/ip dhcp-server
add address-pool=pool.192 interface=bridge.192 lease-time=1d name=dhcp.192
add address-pool=pool.110 interface=bridge.110 lease-time=1d name=dhcp.110
# CAKE shaping. Both trees match packet-mark=no-mark, i.e. all unmarked traffic
# leaving the parent interface.
/queue type
add cake-flowmode=dual-dsthost cake-nat=yes kind=cake name=cake-download
add cake-flowmode=dual-srchost cake-nat=yes kind=cake name=cake-upload
/queue tree
# Download is shaped on bridge.110 only; traffic towards VLAN 192 has no
# download queue in this export.
add bucket-size=0.01 max-limit=950M name=download packet-mark=no-mark parent=\
bridge.110 queue=cake-download
# Upload is shaped on the WAN port at the ISP's stated 400M.
add bucket-size=0.01 max-limit=400M name=upload packet-mark=no-mark parent=\
ether8-WAN queue=cake-upload
# All bridged ports are untagged members of VLAN 110 (pvid=110).
# ether7 and ether8-WAN are deliberately not bridge members.
/interface bridge port
add bridge=bridge interface=ether1-WRX560 pvid=110
add bridge=bridge interface=ether2 pvid=110
add bridge=bridge interface=ether3 pvid=110
add bridge=bridge interface=sfp-sfpplus1-switch pvid=110
add bridge=bridge interface=ether4 pvid=110
add bridge=bridge interface=ether5 pvid=110
add bridge=bridge interface=ether6 pvid=110
# NOTE(review): "all" includes ether8-WAN, so neighbor-discovery announcements
# (router identity/version) are also sent towards the ISP side. A LAN-only
# interface list here keeps that information off the uplink.
/ip neighbor discovery-settings
set discover-interface-list=all
# VLAN 192 is trunked (tagged) on ether1-WRX560 and the SFP+ port; VLAN 110 is
# tagged only towards the bridge/CPU, the access ports join it via pvid above.
/interface bridge vlan
add bridge=bridge tagged=bridge,ether1-WRX560,sfp-sfpplus1-switch vlan-ids=\
192
add bridge=bridge tagged=bridge vlan-ids=110
/ip address
add address=10.80.81.1/24 interface=bridge.110 network=10.80.81.0
add address=192.168.27.1/24 interface=bridge.192 network=192.168.27.0
add address=172.21.1.1/24 interface=ether7 network=172.21.1.0
add address=10.6.14.1/24 interface=wireguard-casa network=10.6.14.0
# MikroTik cloud DDNS: the router's public address is published under its
# cloud DNS name and refreshed every 10 minutes.
/ip cloud
set ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add interface=ether8-WAN
# VLAN 110 clients resolve through the router (10.80.81.1); VLAN 192 clients
# are handed the public resolvers directly and never use the router's cache.
/ip dhcp-server network
add address=10.80.81.0/24 dns-server=10.80.81.1 gateway=10.80.81.1
add address=192.168.27.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.27.1
# allow-remote-requests=yes makes the router a resolver for every source the
# input chain accepts. With the filter rules in this export that is the
# "rede suporte" list and 10.6.14.0/24; the final input drop is what keeps
# it from answering queries from the WAN, so that rule must stay in place.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
# "rede suporte" is the trust list for the input chain: every member gets
# unrestricted access to the router itself (see the accept rule below).
/ip firewall address-list
add address=10.80.81.0/24 list="rede suporte"
# NOTE(review): membership follows whatever this DDNS name resolves to, so
# router access is only as trustworthy as that DNS record.
add address=astoo.synology.me list="rede suporte"
/ip firewall filter
# Forward chain: this drop (VLAN 192 -> VLAN 110, new connections) and the two
# fasttrack rules at the end are the only forward rules. There is no
# established/related accept, no invalid drop and no rule dropping new
# connections arriving from ether8-WAN, so everything else is forwarded by the
# default accept policy and inbound protection rests on NAT alone.
add action=drop chain=forward connection-state=new dst-address=10.80.81.0/24 \
src-address=192.168.27.0/24
add action=accept chain=input comment="allow WireGuard" dst-port=31231 \
protocol=udp
# NOTE(review): matched by source address only; adding
# in-interface=wireguard-casa would tie this accept to the tunnel itself.
add action=accept chain=input comment="allow WireGuard traffic" src-address=\
10.6.14.0/24
add action=accept chain=input connection-state=established,related
# Full router access for the trust list (static entries plus dynamic ones
# added by the tcp/1981 rule below).
add action=accept chain=input src-address-list="rede suporte"
add action=accept chain=input limit=50,5:packet protocol=icmp
# NOTE(review): single-port knock with no in-interface or source restriction.
# Any host that sends one TCP packet to port 1981, from any interface including
# the WAN, is placed in "rede suporte" for 5 hours and from then on passes the
# accept rule above (management services, DNS resolver). A routine port scan is
# enough to trigger it; access through the WireGuard tunnel already covers
# remote management without this rule.
add action=add-src-to-address-list address-list="rede suporte" \
address-list-timeout=5h chain=input dst-port=1981 protocol=tcp
# Default-deny for everything else addressed to the router.
add action=drop chain=input
# These two rules fasttrack only forwarded connections whose destination port
# is 53. VLAN 110 clients query the router itself (input chain), so the rules
# affect VLAN 192 DNS lookups only; web traffic is not fasttracked at all.
add action=fasttrack-connection chain=forward comment="Fasttrack TCP" \
dst-port=53 hw-offload=yes protocol=tcp
add action=fasttrack-connection chain=forward comment="Fasttrack UDP" \
dst-port=53 hw-offload=yes protocol=udp
/ip firewall nat
# Source NAT for everything leaving through the uplink.
add action=masquerade chain=srcnat out-interface=ether8-WAN
# NOTE(review): none of the dst-nat rules below has in-interface or
# dst-address, so they match every TCP connection to these ports that passes
# through the router - including LAN clients' own outbound connections to
# Internet hosts on ports 80/8000/8001, which get rewritten to the internal
# servers instead. Adding in-interface=ether8-WAN limits them to traffic
# arriving from the uplink.
# NOTE(review): the forwards accept any source address and the forward chain
# has no filter for them, so 10.80.81.3, .4 and .5 are reachable from the
# whole Internet on these ports.
add action=dst-nat chain=dstnat dst-port=8000 protocol=tcp to-addresses=\
10.80.81.3 to-ports=8000
add action=dst-nat chain=dstnat dst-port=8001 protocol=tcp to-addresses=\
10.80.81.4 to-ports=8000
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\
10.80.81.5 to-ports=80
# The next two rules use the same match (tcp dst-port 80) as the rule above;
# NAT rules are evaluated in order, so the first one takes every packet and
# these two never match.
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\
10.80.81.5 to-ports=8001
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=\
10.80.81.5 to-ports=8000
# FTP connection-tracking helper switched off.
/ip firewall service-port
set ftp disabled=yes
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
# telnet, ftp, ssh and api are disabled. www, winbox and api-ssl are not listed;
# an export normally shows only non-default values, so they are presumably
# still at their defaults - verify with "/ip service print".
# NOTE(review): whichever services remain enabled are reachable by every
# address in "rede suporte"; the per-service address= setting can restrict
# them to the management subnets.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
/system clock
set time-zone-name=Europe/Madrid
/system note
set show-at-login=no
# NTP client is enabled; no server list appears in this export - confirm that
# servers are configured so log timestamps stay accurate.
/system ntp client
set enabled=yes